In recent years, the importance of access control technology that controls specific information or actions based on authorization information is growing. For example, action-based access control is used extensively.
As the action-based access control, for example, there is a method that uses authorization information for a document file as a security attribute. According to this method authorization information for a document file is written in an action propriety format such as “read permission” or “edit permission”, and the authorization information is assigned to a user. This type of authorization information is known as an access control matrix or an access control list.
However, in action-based access control, it is difficult to write conditions such as a permitted access time or an access site or detailed and flexible access control contents such as detailed functional limitation.
Therefore, in recent years, not only action-based but also access-control-policy-type access control is used. The access control policy is a set of access control rules, and standard descriptive specifications are released. In the access-control-policy-type access control, conditions of decision criteria or functional limitation can be written in detail. As a result, in the access-control-policy-type access control, upon receiving a request for accessing information, various kinds of attribute information are acquired from an access requester, the acquired information is compared with conditions of decision criteria, whether a file can be opened is decided, and control such as limiting to a function designated in the access control policy is enabled. Such a technology is also generally called digital rights management.
However, although a mechanism that acquires various kinds of attribute information is independent from an access control mechanism. For example, user authentication or the like is also a part of the acquisition of the attribute information, but an authentication policy for deciding an authentication method for an access subject is often used aside from the access control policy.
In contrast, at the present, selectivity of attribute information has been demanded. Taking authentication as an example, what is demanded is selecting attribute information from various authentication elements, authentication methods, and authentication executors and changing the authorization of an access subject in accordance with executed authentication. For example, a method or a level of authentication may be changed in accordance with an importance degree of a resource which is an access control target in some cases. The authorization of an access subject may be changed in accordance with attribute information concerning an environment such as a conformation of connection to services, a connection site, a connection time, and others besides the attribute information concerning the authentication of a user in some cases.
However, a method of deciding attribute information to be acquired is generally implicitly known. Further, in an access control system, it is often the case that access decision is executed only once. In this case, assuming that the attribute information to be acquires is implicitly know, all items of attribute information that are possibly required for the access decision are acquired, which is inefficient.
Furthermore, when items of exclusive and selective attribute information are present, for example, when a concurrent authentication state provided by items of authentication processing is prohibited, non-selected attribute information cannot be acquired, and the access decision cannot be executed.
Therefore, in an information system, when items of exclusive and selective attribute information are present, the attribute information is selected in a rigid and restricted way, and the access decision is executed, whereby authentication concerning non-selected attribute information is omitted and the simplified access control is executed. However, the simplified access control can be a cause that increases a risk such as leakage or impairment of information.
A problem to be solved by the present invention is to provide an access control apparatus and a storage medium that can efficiently realize advanced access control even if items of exclusive and selective attribute information are present.